DESCRIPTION

Every SSL connection has a context, which holds the settings shared by connections: protocol version, CA store, verification mode and so on. You can also set many of these on individual Net::SSLeay::OO::SSL objects, but you would normally configure as much as possible on the context early on, then re-use the context to create new SSL handles.

The OpenSSL library initialization functions are called the first time that a Net::SSLeay::OO::Context object is instantiated.

ATTRIBUTES

ctx : Int

The raw SSL_CTX pointer (an integer, as used by the functional Net::SSLeay API). Use at your own risk.

ssl_version: ( undef | 2 | 3 | 10 )

Specify the SSL version to allow. 10 means TLSv1; 2 and 3 mean SSLv2 and SSLv3, respectively. Leaving it undef means 'SSLv23', the version-flexible method that negotiates the highest version both sides support, including SSLv2. If you want to permit only SSLv3 and TLSv1 you cannot do it with a single version number: keep the default 'SSLv23' method and disable SSLv2 on the context with SSL_CTX_set_options(3ssl). Bear in mind that SSLv2 and SSLv3 have both since been broken (SSLv3 by POODLE) and that current OpenSSL builds omit SSLv2 entirely, so on a modern system 10 is the only value worth using and 2 is unavailable where the library was built without SSLv2.

Specify where CA certificates in PEM format are to be found. $filename is a single file containing one or more certificates; $path is a directory of files named by subject hash (HASH.0, HASH.1 and so on, e.g. 9d66eef0.0) as made by c_rehash. See SSL_CTX_load_verify_locations(3ssl), which accepts either argument on its own.

set_default_verify_paths()

Sets up the system-dependent default certificate store locations: the directory and file compiled into the OpenSSL library, overridable at run time with the SSL_CERT_DIR and SSL_CERT_FILE environment variables (see SSL_CTX_set_default_verify_paths(3ssl)). This is a reasonable default for a client, with two caveats: it trusts every CA in the system store, and anything that controls the process environment can point it at a different store.

set_verify($mode, [$verify_callback])

Mode should be either VERIFY_NONE, or VERIFY_PEER optionally combined with VERIFY_CLIENT_ONCE and/or VERIFY_FAIL_IF_NO_PEER_CERT (the latter two only have an effect on a server). As a client, VERIFY_NONE means the server's certificate is not checked at all and the connection can be intercepted by anyone on the path, so use VERIFY_PEER. As a server, VERIFY_PEER is what makes OpenSSL ask the client for a certificate; if you don't set it, no certificate is ever sent and a later ->get_peer_certificate returns nothing. A certificate can still be requested later by setting the mode on the SSL handle and renegotiating (SSL_renegotiate(3ssl), which is what the references to repeating the negotiation in SSL_read(3ssl) are about). Note also that VERIFY_PEER only checks that the chain leads to a trusted CA; it does not check that the certificate names the host you meant to connect to, which you must do yourself after the handshake.

During the handshake, the $verify_callback is called once for every certificate in the peer's chain, starting with the root (the deepest certificate) and ending with the peer's own. Each time it is passed three arguments: first a boolean (1 or 0) saying whether OpenSSL's built-in verification of that certificate passed; second the certificate being verified, as a Net::SSLeay::OO::X509 object; and third the Net::SSLeay::OO::X509::Context, should you need it. This differs from the calling convention of OpenSSL and Net::SSLeay, which pass only the X509 store context and leave you to fetch the current certificate from it; there is little else of interest in that object, so for convenience the certificate is passed directly. As in OpenSSL, the callback's return value decides the outcome: returning 0 rejects the certificate and aborts the handshake, returning 1 accepts it, so a callback that always returns 1 disables verification entirely. Unless you have a reason to override OpenSSL's verdict, return the boolean you were given.
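As an added example (not code from the Net::SSLeay::OO distribution), a client context set up the way this page describes: TLSv1 only, the system CA store, and a verify callback using the three-argument calling convention above, shown next to the accept-everything callback that is the usual mistake. It assumes that Net::SSLeay::OO::Constants exports the VERIFY_* constants and that Net::SSLeay::OO::SSL->new(ctx => ...), set_fd and connect exist as thin wrappers around SSL_new, SSL_set_fd and SSL_connect; treat those names as assumptions. The host and port are taken from the command line.

```perl
#!/usr/bin/perl
# Added example, not part of the Net::SSLeay::OO distribution.
use strict;
use warnings;
use IO::Socket::INET;
use Net::SSLeay::OO;
# Assumption: the VERIFY_* constants are exported by this module.
use Net::SSLeay::OO::Constants qw(VERIFY_PEER);

my $host = shift @ARGV || 'localhost';
my $port = shift @ARGV || 443;

# One context, configured once and re-used for every connection it makes.
my $ctx = Net::SSLeay::OO::Context->new(ssl_version => 10);   # TLSv1 only
$ctx->set_default_verify_paths;   # system CA store; SSL_CERT_DIR/SSL_CERT_FILE honoured

# WRONG: this callback "handles" verification by accepting everything.
# Self-signed, expired or untrusted certificates all pass, so VERIFY_PEER
# is reduced to VERIFY_NONE in effect.  Shown only as the pattern to avoid;
# it is never installed below.
my $accept_anything = sub {
    my ($preverify_ok, $cert, $x509_ctx) = @_;
    return 1;
};

# RIGHT: record each certificate as OpenSSL walks the chain (root first,
# the peer's own certificate last) and hand OpenSSL's verdict straight back.
my $seen = 0;
my $pass_through = sub {
    my ($preverify_ok, $cert, $x509_ctx) = @_;
    $seen++;
    warn sprintf "certificate %d in chain: built-in verification %s\n",
        $seen, $preverify_ok ? "ok" : "FAILED";
    return $preverify_ok;   # 0 aborts the handshake, 1 continues
};

# VERIFY_PEER makes a client check the server's chain.
# (VERIFY_FAIL_IF_NO_PEER_CERT is a server-side flag and is not needed here.)
$ctx->set_verify(VERIFY_PEER, $pass_through);

my $sock = IO::Socket::INET->new(
    PeerAddr => $host, PeerPort => $port, Proto => 'tcp',
) or die "connect $host:$port: $!";

# Assumption: these mirror SSL_new / SSL_set_fd / SSL_connect.
my $ssl = Net::SSLeay::OO::SSL->new(ctx => $ctx);
$ssl->set_fd(fileno $sock);
$ssl->connect or die "TLS handshake with $host:$port failed";

# With VERIFY_PEER the handshake cannot complete unless the chain verified,
# so reaching this point means the server presented a trusted certificate.
my $peer = $ssl->get_peer_certificate or die "no peer certificate";
print "handshake complete; $seen certificate(s) went through the callback\n";
```

What this does not do is compare the certificate's subject or subjectAltName with $host; VERIFY_PEER only establishes that some trusted CA issued the certificate, and this page documents no accessors on the Net::SSLeay::OO::X509 object, so that check is left to the caller.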

AUTHOR

COPYRIGHT

Copyright (C) 2009 NZ Registry Services

This program is free software: you can redistribute it and/or modify it under the terms of the Artistic License 2.0 or later. You should have received a copy of the Artistic License in the file COPYING.txt. If not, see <http://www.perlfoundation.org/artistic_license_2_0>